all: fix some typos in comment

Change-Id: Ia209f0a6d9b19d14e655c65d1287a1416b48c487
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/707535
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sean Liao <sean@liao.dev>

17 files changed, 20 insertions, 20 deletions

diff --git a/acme/autocert/internal/acmetest/ca.go b/acme/autocert/internal/acmetest/ca.go
index 28e6e7d..c7ddd3d 100644
--- a/acme/autocert/internal/acmetest/ca.go
+++ b/acme/autocert/internal/acmetest/ca.go
@@ -145,7 +145,7 @@ func (ca *CAServer) URL() string {
 	return ca.url
 }
 
-// Roots returns a pool cointaining the CA root.
+// Roots returns a pool containing the CA root.
 func (ca *CAServer) Roots() *x509.CertPool {
 	if ca.url == "" {
 		panic("Roots called before Start")
diff --git a/acme/rfc8555.go b/acme/rfc8555.go
index fc653f3..976b277 100644
--- a/acme/rfc8555.go
+++ b/acme/rfc8555.go
@@ -232,7 +232,7 @@ func (c *Client) AuthorizeOrder(ctx context.Context, id []AuthzID, opt ...OrderO
 	return responseOrder(res)
 }
 
-// GetOrder retrives an order identified by the given URL.
+// GetOrder retrieves an order identified by the given URL.
 // For orders created with AuthorizeOrder, the url value is Order.URI.
 //
 // If a caller needs to poll an order until its status is final,
diff --git a/chacha20/chacha_arm64.s b/chacha20/chacha_arm64.s
index 7dd2638..769af38 100644
--- a/chacha20/chacha_arm64.s
+++ b/chacha20/chacha_arm64.s
@@ -29,7 +29,7 @@ loop:
 	MOVD	$NUM_ROUNDS, R21
 	VLD1	(R11), [V30.S4, V31.S4]
 
-	// load contants
+	// load constants
 	// VLD4R (R10), [V0.S4, V1.S4, V2.S4, V3.S4]
 	WORD	$0x4D60E940
 
diff --git a/internal/wycheproof/rsa_pss_test.go b/internal/wycheproof/rsa_pss_test.go
index 2ad9a43..f2f9b6e 100644
--- a/internal/wycheproof/rsa_pss_test.go
+++ b/internal/wycheproof/rsa_pss_test.go
@@ -141,7 +141,7 @@ func TestRsaPss(t *testing.T) {
 			}
 			// Run all the tests twice: the first time with the salt length
 			// as PSSSaltLengthAuto, and the second time with the salt length
-			// explictily set to tg.SLen.
+			// explicitly set to tg.SLen.
 			for i := 0; i < 2; i++ {
 				for _, sig := range tg.Tests {
 					h.Reset()
diff --git a/nacl/box/box_test.go b/nacl/box/box_test.go
index cce1f3b..4049257 100644
--- a/nacl/box/box_test.go
+++ b/nacl/box/box_test.go
@@ -114,7 +114,7 @@ func TestSealOpenAnonymous(t *testing.T) {
 		t.Fatal("expected out to be unchanged")
 	}
 	if !bytes.HasPrefix(box, orig) {
-		t.Fatal("expected out to be coppied to returned slice")
+		t.Fatal("expected out to be copied to returned slice")
 	}
 	_, ok = OpenAnonymous(nil, box[len(out):], publicKey, privateKey)
 	if !ok {
diff --git a/nacl/sign/sign_test.go b/nacl/sign/sign_test.go
index db26901..95ba801 100644
--- a/nacl/sign/sign_test.go
+++ b/nacl/sign/sign_test.go
@@ -69,6 +69,6 @@ func TestGenerateSignOpen(t *testing.T) {
 	}
 
 	if !bytes.Equal(message, testMessage) {
-		t.Fatalf("verified message does not match signed messge, got\n%x\n, expected\n%x", message, testMessage)
+		t.Fatalf("verified message does not match signed message, got\n%x\n, expected\n%x", message, testMessage)
 	}
 }
diff --git a/openpgp/packet/opaque_test.go b/openpgp/packet/opaque_test.go
index 61159f4..06a3bbf 100644
--- a/openpgp/packet/opaque_test.go
+++ b/openpgp/packet/opaque_test.go
@@ -51,7 +51,7 @@ func TestOpaqueParseReason(t *testing.T) {
 	const expectedBad = 3
 	// Test post-conditions, make sure we actually parsed packets as expected.
 	if badPackets != expectedBad {
-		t.Errorf("unexpected # unparseable packets: %d (want %d)", badPackets, expectedBad)
+		t.Errorf("unexpected # unparsable packets: %d (want %d)", badPackets, expectedBad)
 	}
 	if uid == nil {
 		t.Errorf("failed to find expected UID in unsupported keyring")
diff --git a/openpgp/s2k/s2k.go b/openpgp/s2k/s2k.go
index fa1a919..490cb63 100644
--- a/openpgp/s2k/s2k.go
+++ b/openpgp/s2k/s2k.go
@@ -53,7 +53,7 @@ func (c *Config) hash() crypto.Hash {
 
 func (c *Config) encodedCount() uint8 {
 	if c == nil || c.S2KCount == 0 {
-		return 96 // The common case. Correspoding to 65536
+		return 96 // The common case. Corresponding to 65536
 	}
 
 	i := c.S2KCount
diff --git a/ssh/agent/keyring.go b/ssh/agent/keyring.go
index c1b4361..d129875 100644
--- a/ssh/agent/keyring.go
+++ b/ssh/agent/keyring.go
@@ -112,7 +112,7 @@ func (r *keyring) Unlock(passphrase []byte) error {
 }
 
 // expireKeysLocked removes expired keys from the keyring. If a key was added
-// with a lifetimesecs contraint and seconds >= lifetimesecs seconds have
+// with a lifetimesecs constraint and seconds >= lifetimesecs seconds have
 // elapsed, it is removed. The caller *must* be holding the keyring mutex.
 func (r *keyring) expireKeysLocked() {
 	for _, k := range r.keys {
diff --git a/ssh/agent/keyring_test.go b/ssh/agent/keyring_test.go
index e9c90a3..5e495d5 100644
--- a/ssh/agent/keyring_test.go
+++ b/ssh/agent/keyring_test.go
@@ -30,7 +30,7 @@ func validateListedKeys(t *testing.T, a Agent, expectedKeys []string) {
 		return
 	}
 	if len(listedKeys) != len(expectedKeys) {
-		t.Fatalf("expeted %d key, got %d", len(expectedKeys), len(listedKeys))
+		t.Fatalf("expected %d key, got %d", len(expectedKeys), len(listedKeys))
 		return
 	}
 	actualKeys := make(map[string]bool)
diff --git a/ssh/client_auth_test.go b/ssh/client_auth_test.go
index e398c40..a183c21 100644
--- a/ssh/client_auth_test.go
+++ b/ssh/client_auth_test.go
@@ -1136,7 +1136,7 @@ func TestPickSignatureAlgorithm(t *testing.T) {
 				t.Fatalf("error generating cert signer: %v", err)
 			}
 			// The signer supports the public key algorithm and the
-			// public key format is a certificate type so the cerificate
+			// public key format is a certificate type so the certificate
 			// algorithm matching the key format must be returned
 			_, algo, err = pickSignatureAlgorithm(certSigner, c.extensions)
 			if err != nil {
diff --git a/ssh/example_test.go b/ssh/example_test.go
index d6bad3e..653f2c8 100644
--- a/ssh/example_test.go
+++ b/ssh/example_test.go
@@ -155,7 +155,7 @@ func ExampleNewServerConn() {
 }
 
 func ExampleServerConfig() {
-	// Minimal ServerConfig with SHA-1 algoritms disabled and supporting only
+	// Minimal ServerConfig with SHA-1 algorithms disabled and supporting only
 	// public key authentication.
 
 	// The algorithms returned by ssh.SupportedAlgorithms() are different from
@@ -344,7 +344,7 @@ func ExampleClientConfig() {
 		log.Fatalf("unable to parse private key: %v", err)
 	}
 
-	// Minimal ClientConfig with SHA-1 algoritms disabled.
+	// Minimal ClientConfig with SHA-1 algorithms disabled.
 	// The algorithms returned by ssh.SupportedAlgorithms() are different from
 	// the default ones and do not include algorithms that are considered
 	// insecure, such as those using SHA-1, returned by
@@ -361,7 +361,7 @@ func ExampleClientConfig() {
 			ssh.PublicKeys(signer),
 		},
 		HostKeyCallback: ssh.FixedHostKey(hostKey),
-		// We should check that hostKey algorithm is inlcuded in
+		// We should check that hostKey algorithm is included in
 		// algorithms.HostKeys.
 		HostKeyAlgorithms: algorithms.HostKeys,
 	}
diff --git a/ssh/handshake_test.go b/ssh/handshake_test.go
index 61f9784..56f230c 100644
--- a/ssh/handshake_test.go
+++ b/ssh/handshake_test.go
@@ -1330,7 +1330,7 @@ func TestAlgorithmNegotiationError(t *testing.T) {
 
 	_, _, _, err = NewClientConn(c2, "", clientConf)
 	if err == nil {
-		t.Fatal("client connection succeded expected algorithm negotiation error")
+		t.Fatal("client connection succeeded expected algorithm negotiation error")
 	}
 	var negotiationError *AlgorithmNegotiationError
 	if !errors.As(err, &negotiationError) {
diff --git a/ssh/server_test.go b/ssh/server_test.go
index e48f7e3..e186193 100644
--- a/ssh/server_test.go
+++ b/ssh/server_test.go
@@ -724,7 +724,7 @@ func TestVerifiedPublicCallbackPartialSuccessBadUsage(t *testing.T) {
 
 	_, _, _, err = NewClientConn(c2, "", &clientConf)
 	if err == nil {
-		t.Fatal("authentication suceeded with PartialSuccess returned from PublicKeyCallback and  VerifiedPublicKeyCallback defined")
+		t.Fatal("authentication succeeded with PartialSuccess returned from PublicKeyCallback and  VerifiedPublicKeyCallback defined")
 	}
 }
 
@@ -803,7 +803,7 @@ func TestVerifiedPublicKeyCallbackOnly(t *testing.T) {
 
 	_, _, _, err = NewClientConn(c2, "", &clientConf)
 	if err == nil {
-		t.Fatal("authentication suceeded with only VerifiedPublicKeyCallback defined")
+		t.Fatal("authentication succeeded with only VerifiedPublicKeyCallback defined")
 	}
 	<-done
 }
diff --git a/ssh/test/recording_client_test.go b/ssh/test/recording_client_test.go
index 5c7830f..b744bd3 100644
--- a/ssh/test/recording_client_test.go
+++ b/ssh/test/recording_client_test.go
@@ -251,7 +251,7 @@ func TestClientKeyExchanges(t *testing.T) {
 
 	var keyExchanges []string
 	for _, kex := range config.KeyExchanges {
-		// Exclude ecdh for now, to make them determistic we should use see a
+		// Exclude ecdh for now, to make them deterministic we should use see a
 		// stream of fixed bytes as the random source.
 		if !strings.HasPrefix(kex, "ecdh-") {
 			keyExchanges = append(keyExchanges, kex)
diff --git a/ssh/test/recording_server_test.go b/ssh/test/recording_server_test.go
index fe99198..898a847 100644
--- a/ssh/test/recording_server_test.go
+++ b/ssh/test/recording_server_test.go
@@ -232,7 +232,7 @@ func TestServerKeyExchanges(t *testing.T) {
 
 	var keyExchanges []string
 	for _, kex := range config.KeyExchanges {
-		// Exclude ecdh for now, to make them determistic we should use see a
+		// Exclude ecdh for now, to make them deterministic we should use see a
 		// stream of fixed bytes as the random source.
 		// Exclude ML-KEM because server side is not deterministic.
 		if !strings.HasPrefix(kex, "ecdh-") && !strings.HasPrefix(kex, "mlkem") {
diff --git a/x509roots/nss/parser.go b/x509roots/nss/parser.go
index feca766..5c9f36a 100644
--- a/x509roots/nss/parser.go
+++ b/x509roots/nss/parser.go
@@ -192,7 +192,7 @@ func Parse(r io.Reader) ([]*Certificate, error) {
 	// Since we only really care about a couple of fields, this parser throws
 	// away a lot of information, essentially just consuming CKA_CLASS objects
 	// and looking for the individual fields we care about. We could write a
-	// siginificantly more complex parser, which handles the entire format, but
+	// significantly more complex parser, which handles the entire format, but
 	// it feels like that would be over engineered for the little information
 	// that we really care about.